
Answer-first summary for fast verification
Answer: Isolate the instance by removing it from the security group and network ACLs, then perform a root cause analysis.
Isolating the instance by removing it from the security group and network ACLs ensures that the compromised resource cannot communicate with other resources in the network, thereby preventing further damage. Terminating the instance immediately might prevent the collection of necessary data for root cause analysis.
Author: LeetQuiz Editorial Team
Your AWS environment has detected suspicious activity on an EC2 instance. According to the AWS Security Incident Response Guide, what initial steps should be taken to isolate the compromised resource and prevent further damage?
A. Immediately terminate the instance and delete all associated EBS volumes.
B. Isolate the instance by removing it from the security group and network ACLs, then perform a root cause analysis.
C. Reboot the instance and monitor the logs for any unusual activity.
D. Increase the instance type to a larger size to handle potential increased load from the attack.